[Greasemonkey] Another Attack?
Aaron Boodman
zboogs at gmail.com
Fri May 6 09:21:16 EDT 2005
Not in 0.3b. The functions are local variables to an anonymous
function, so it isn't possible to modify them at all.
But you did just make me think of something else. The sequence is:
*create window properties
*for each script
*create anon function scope
*create local vars referencing window properties
*inject script
*close anon function scope
*delete window properties.
A script could redefine the window properties and all subsequently
injected scripts would be affected. This is easy to fix by simply
redefining the window properties for each iteration. Thanks for making
me think of it!
--
Aaron
--
Aaron
On 5/6/05, Scott R. Turner <srt at aero.org> wrote:
> I just thought of another way that GM might be vulnerable to attack.
> Suppose I have an extension or script that redefines the GM_ functions
> that GM exports. If that extension gets loaded after GM, I think it
> can hijack the GM_ functions. Is that correct?
>
> -- Scott
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
More information about the Greasemonkey
mailing list